Blog

Email-borne cyber attacks: A constant security threat

The sheer widespread usage of e-mails, both on a personal and on a professional basis by sheer billions of people, means hackers and cyber criminals can target multiple people at once.

Seqrite Aug 08th 2018

Since the invention of the World Wide Web in 1989 by Tim Berners-Lee, the technology has changed. What used to be a collection of simple text-based Usenet groups metamorphosed into multimedia and graphics. First email communication was all the rage, then it shifted to social media. But, there’s one technology which continues to remain ubiquitous: electronic mail or e-mail.

Texting and social media may be popular now but email remains the preferred mode of communication for the majority of businesses worldwide and it shows no signs of signing down. The Radicati Group estimated that the total number of business and consumer emails sent and received per day will exceed 281 billion in 2018 and is forecast to grow over 333 billion by the end of 2022. There are 3.8 billion email users worldwide and the figure is estimated to grow beyond 4.2 million by the end of 2022.

With these numbers, it’s not really a wonder why email continues to be a preferred mode of attack for cyber criminals. The sheer widespread usage of e-mails, both on a personal and on a professional basis by sheer billions of people, means hackers and cyber criminals can target multiple people at once. The United States’ Federal Bureau of Investigation (FBI) estimated that business email compromise and email account compromise represented the highest reported losses at more than $676 million in 2017.

The most common email-based attacks normally take the following form:

Ransomware:

Ransomware refers to malicious software that locks systems or encrypts data and demands a ransom in exchange. The two most common channels through which ransomware infiltrate a system are through email and compromised websites. In fact, 93% of all phishing emails contained encryption ransomware in 2016. To make these emails look genuine and convincing, they are disguised as invoices, tax forms, letters from a co-employee or a boss.

Cyber criminals like using ransomware as it is an easy, anonymous way to terrorize corporate and get money. Ransomware does not even need any specialized technical knowledge to be effective – hackers can use shared code and even access services which will collect the ransom via Bitcoin. In fact, a report suggested that ransomware attacks were up by a momentous 400 percent, mainly attributing it to the popularity of WannaCry.

Spear phishing

Spear phishing is a variation of a phishing scam wherein hackers send a targeted email to an individual which appears to be from a trusted source. The agenda of these mails like any other cyber fraud is to either gain access to the user’s system or obtain other classified information. Spear phishing is considered one of the most successful cyber attack techniques because of the superior level of personalization done to attack users which makes it highly believable.

In spear phishing, users get meticulously personalized mails from a trusted source or a company you’re familiar with and interact quite often. This could be as scrupulous as an email from a friend, colleague or your boss asking you for access to classified information. Spear phishing hackers thrive on their knowledge about you which lets you lose your guard in most cases.

Business Email Compromise (BEC)

Business Email Compromise is a type of phishing attack where cyber criminals show up as company executives and try to convince the customers, employees or vendors into transferring sensitive information and associated funds. BEC attacks are probably the most focused form of phishing where the cyber attackers research the landscape by looking at the social profiles of the targeted employees. Looking closely at the employees, vendors and non-suspecting customers allow cyber criminals to draft highly targeted emails.

A BEC is often a highly focused attack and works in a manner that the emails flowing in look completely legitimate to the receiver making him act on it and thus becoming a victim. BEC attacks mostly focus on individuals who are responsible for wire transfers, targeting businesses and employees through spoof emails.

To guard against email-borne cyber attacks, organizations must employ a multi-layered solution which offers advanced protection, URL filtering, Data loss prevention and encryption along with firewall and email protection. Organizations can consider Seqrite’s range of powerful tools to allow enterprises to unallow malware, untolerate vulnerabilities and unauthorize alien access, leading to an unrisk enterprise.